ENISA publishes report on cloud computing from the perspective of critical infrastructure protection

The European Network and Information Security Agency (ENISA) has released a new report to highlight the risks posed by cloud computing to critical information infrastructures.

In the upcoming period, most major organizations – including ones from critical sectors such as finance, health, and insurance – will turn to cloud computing to benefit from the numerous advantages it has to offer.

However, as experts have often emphasized, while cloud computing brings a number of benefits, it also comes with some major risks.

“From a security perspective, the concentration of data is a ‘double-edged sword’; large providers can offer state-of-the-art security, and business continuity, spreading the costs across many customers. But if an outage or security breach occurs, the impact is bigger, affecting many organisations and citizens at once,” Dr Marnix Dekker says.

First of all, the report highlights the fact that the cloud services themselves are becoming a critical information infrastructure.

In addition, cyberattacks that exploit software vulnerabilities can lead to large breaches that affect millions of users, due to the large concentration of data.

On the positive side, cloud computing is much more resilient to distributed denial-of-service (DDOS) attacks and natural disasters than traditional systems.

The report also makes nine recommendations for entities responsible for critical information infrastructures. The recommendations include tracking cloud dependencies, working with providers on incident reporting schemes, and national risk assessments.

“Cloud computing is a reality and therefore we must prepare to prevent service failures and cyber attacks on cloud services. The European Cyber Security and Cloud Computing Strategies provide a roadmap for this,” said Professor Udo Helmbrecht, executive director of ENISA.